Fix escaped string parsing in numpy headers

[JanuszL]

Category:

Bug fix (non-breaking change which fixes an issue)

Description:

Fixes malformed .npy header parsing when a string value ends with an
unfinished backslash escape.

ParseStringValue advanced to the string terminator while handling the
escape and then allowed the loop increment to move past the terminator. The
parser now rejects a trailing escape before continuing, so malformed headers
fail cleanly instead of reading past the header buffer.

Additional information:

Affected modules and functionalities:

• dali/util/numpy.cc: reject an unfinished escape sequence in numpy header
  string values.
• dali/util/numpy_test.cc: add parser coverage for a descr field ending
  with a backslash escape.

Key points relevant for the review:

Please check that the pointer advancement in ParseStringValue still
preserves the existing behavior for supported escape sequences while rejecting
the unterminated escape case before the loop increment runs.

Tests:

• Existing tests apply
• New tests added
  • Python tests
  • GTests
  • Benchmark
  • Other
• N/A

Ran:

cmake --build compile/dali --target dali_test -j"$(nproc)"
DALI_EXTRA_PATH=/home/jlisiecki/Dali/DALI_extra \
LD_LIBRARY_PATH=/home/jlisiecki/Dali/dali/compile/dali/python/nvidia/dali \
compile/dali/python/nvidia/dali/test/dali_test.bin --gtest_filter=NumpyLoaderTest.*

Checklist

Documentation

• Existing documentation applies
• Documentation updated
  • Docstring
  • Doxygen
  • RST
  • Jupyter
  • Other
• N/A

DALI team only

Requirements

• Implements new requirements
• Affects existing requirements
• N/A

REQ IDs: N/A

JIRA TASK: N/A

[greptile-apps]

Greptile Summary

This PR fixes a buffer-overread in ParseStringValue (in dali/util/numpy.cc) that occurred when a .npy header string ended with a lone backslash escape. The original switch (*++input) advanced past the null terminator into uninitialized memory; the fix splits the increment from the switch and adds a DALI_ENFORCE guard before the switch.

• dali/util/numpy.cc: Increments input explicitly, then asserts *input != '\\0' before dispatching the switch — all supported escape sequences (\\\\, \\', \ , \ , \\\") and the default path are behaviorally unchanged.
• dali/util/numpy_test.cc: Adds \"{'descr':'<f4\\\\" (trailing backslash) to the error-case vector and updates the copyright year to 2026.

Confidence Score: 5/5

The change is a minimal, targeted fix to a single parser function with no side effects on callers or data paths.

The fix correctly splits the combined increment-and-dereference into two steps, adds a null-terminator guard before the switch, and leaves all existing escape-sequence paths unchanged. The new GTest entry directly exercises the previously crashing input. No regressions are expected.

No files require special attention.

Important Files Changed

Filename	Overview
dali/util/numpy.cc	Fixes out-of-bounds read in ParseStringValue by checking for null terminator after incrementing past a backslash escape before entering the switch; logic and all existing escape sequences are preserved.
dali/util/numpy_test.cc	Adds a regression test for the trailing-escape bug and updates the copyright year; the new entry is correctly comma-separated in the error-case vector.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["for loop: *input != '\\0'"] --> B{"*input == '\\\\'?"}
    B -- No --> C{"*input == delim_end?"}
    C -- Yes --> D[break]
    C -- No --> E["out += *input"]
    E --> A
    B -- Yes --> F["input++ (advance past backslash)"]
    F --> G{"*input == '\\0'?"}
    G -- Yes --> H["DALI_ENFORCE fails\n(new guard — trailing escape rejected)"]
    G -- No --> I["switch(*input)\n(process escape sequence)"]
    I --> A
    D --> J["DALI_ENFORCE *input == delim_end"]
    J --> K[return out]

Loading

_{Reviews (3): Last reviewed commit: "Fix escaped string parsing in numpy head..." | Re-trigger Greptile}

[JanuszL]

!build

[dali-automaton]

CI MESSAGE: [53264998]: BUILD STARTED

[dali-automaton]

CI MESSAGE: [53264998]: BUILD PASSED